Why should I consider using AES encryption?
While the default RC4-HMAC is the most compatible encryption type, it is no longer considered to offer strong encryption.
...
Prerequisites for using AES encryption
Prerequisites / Tasks |
|
---|---|
AES must be enabled on the user account that holds the SPN. |
Domain functional level must be 2008 or higher. | Domain functional level before 2008 does not support AES encryption. To find the domain functional level, right-click on the root of the domain, and choose properties. |
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files must be in place | Replace local_policy.jar and US_export_policy.jar in $JAVA/HOME/jre/lib/security/ The service must be restarted to apply the new policies. |
Creating a keytab with AES.
...